CVE-2020-23835

MEDIUM

SourceCodester Tailor Management System v1.0 - XSS

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2020-23835. PoCs published by boku.

AI-analyzed exploit summary This is a functional proof-of-concept exploit for a reflected XSS vulnerability in Tailor Management System 1.0. It generates a malicious URL that, when visited by a victim, logs keystrokes and sends them to an attacker-controlled server via a socket listener.

Description

A Reflected Cross-Site Scripting (XSS) vulnerability in the index.php login-portal webpage of SourceCodester Tailor Management System v1.0 allows remote attackers to harvest keys pressed by an unauthenticated victim who clicks on a malicious URL and begins typing.

Exploits (1)

exploitdb WORKING POC
by boku · textwebappsphp
https://www.exploit-db.com/exploits/48813

This is a functional proof-of-concept exploit for a reflected XSS vulnerability in Tailor Management System 1.0. It generates a malicious URL that, when visited by a victim, logs keystrokes and sends them to an attacker-controlled server via a socket listener.

Classification
Working Poc 95%
Attack Type
Xss
Complexity
Moderate
Reliability
Reliable
Target: Tailor Management System 1.0
No auth needed
Prerequisites: Victim must visit a crafted URL · Attacker must host a listener to receive keystrokes
devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/48813

Scores

CVSS v3 6.4
EPSS 0.0229
EPSS Percentile 80.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:L/A:L

Details

CWE
CWE-79
Status published
Products (1)
tailor_management_system_project/tailor_management_system 1.0
Published Sep 01, 2020
Tracked Since Feb 18, 2026